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ABSTRACT 



N_Port_Name information capable of distinctly identify- 
ing a host computer has seen set in a microprocessor 42 of 
a storage controller 40 prior to start-up of host computers 10, 
20, 30; upon startup of the host computers 10, 20, 30, when 
the storage controller 40 receives a frame issued, then the 
microprocessor 42 operates to perform comparison for 
determining whether the N_Port„Name information stored 
in the frame has been already set in the microprocessor 42 
and registered to the N_Port_Name list within a control 
table maintained. When such comparison results in match, 
then continue execution of processing based on the frame 
instruction; if comparison results in failure of match, then 
reject any request. 

24 Claims, 11 Drawing Sheets 
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APPARATUS FOR AND METHOD OF SUMMARY OF THE INVENTION 



ACCESSING A STORAGE REGION ACROSS 
A NETWORK 



An object of the present invention is to provide a fiber 
channel connection storage control device adapted for use in 
a computer system which employs an ANSIX3T11- 

BACKGROUND OF THE INVENTION 5 standardized fiber channel as an interface between one or 

The present invention relates to storage control apparatus more host computers and a storage control device and which 

with ANSIX3T11 -standardized fiber channels as an inter- includes host computers and a storage control device plus 

face with its upper-level or "host" computers, and more more than one storage device operable under control of the 

particularly to a storage controller device which is employ- storage control device, wherein the fiber channel connection 

able in a computer system including a host computer and a 10 storage control device has a security function of, in the 

storage control device plus a storage unit operable under environment capable of physically receiving any access 

control of the storage controller and which is for elimination from the host computers, eliminating or deterring unautho- 

of unauthorized access attempts upon issuance of a request rized access attempts from the host computers to the storage 

to access the storage unit as sent from the host computer to control device, which did not have any means for rejecting 

the storage controller. 15 unauthorized access from host computers. 

Conventionally, with regard to elimination or determent Another object of the present invention is to provide a 

of unauthorized or illicit access attempts over networks, a fiber channel connection storage control device having a 

variety of approaches are known and proposed until today. scheme capable of readily managing an accessible host 

One typical prior known approach to deterring unautho- 2Q computer or computers for elimination or determent of any 

rized access has been disclosed in Published Unexamined unauthorized access from such host computers. 

Japanese Patent Application ("PUJPA") No. 3-152652, According to the present invention, the foregoing objects 

wherein a network security system between computer sys- may be attainable in a way such that N_Port_Name infor- 

tems supporting the TCP/IP protocol includes a memory mation of an accessible host computer or computers which 

device for storage of predefined identification (ID) informa- 25 information distinctly identifies each host computer in a 

tion of those users who are authorized to log-in the network. one-by-one basis is set in the storage control device for 

The security system has a function of interrupting or disen- comparison with N Port Name information as stored in a 

abling any connection to the network whenever an unau- frame to be sent from a host computer to thereby determine 

thorized person attempts to log-in the network for invasion whether a presently desired access attempt is permissible or 

or "hacking" purposes. 30 not. 

Another approach has been disclosed in PUJPA No. One practical feature of the present invention in order to 

63-253450, wherein the central processing device disclosed attain the prescribed objects is to have a means for inputting 

comes with an operating system that is designed to monitor by use of a panel or the like the N_Port_Name information 

or "pilot" entry of user ID, password and online address data that is the information being issued from a host computer for 

thereby deterring any unauthorized access to resource files 35 distinct identification of the host computer, and then for 

on disk drive units. storing such input information in a control memory of the 

Still another approach is based on the "ESCON" interface storage control device as a control table. In this case, it will 

architecture available from IBM corp., which is designed so be desirable that the storage control device has a means for 

that by utilizing the fact that a host computer stores therein permanently storing therein the information until it is reset 

a logical address thereof as the source address of the host 40 or updated. 

computer in the form of a frame and transmits the same to And, by arranging the control table to be stored in a 

a storage controller device, the storage controller has a non-volatile control memory, it becomes possible to protect 

function of checking whether an incoming logical address in the management information even upon occurrence of any 

such frame matches a logical address that has been preset in possible power supply failure or interruption, 

the storage controller. 45 in accordance with another practical feature of the present 

Any one of the prescribed prior art, approaches are not invention, after start-up of the host computer, the host 

more than a mere unauthorized access elimination means computer generates and issues a frame that stores therein 

that is inherently directed to those interfaces with a single N _Port„Name information to the storage control device; 

type of layer mounted on a host logical layer. the storage control device has means for comparing, when 

However, the ANSIX3T11 -standardized fiber channel is 50 the storage control device receives this information, the 

the "network type" architecture, which is capable of pro- maintained N_Port_Name information for distinct identi- 

viding the host logical layer with various built-in layers fication of the host computer to the N_Port_Name infor- 

mountable thereon, such as for example TCP/IP, SCSI, mation as stored in the received frame: If the comparison 

ESCON, IPI and the like. More specifically, since the buffer results in a match between the two, then continue to execute 

contents are to be moved from one device to another in a 55 the processing based on an instruction of the frame received; 

way independent of the data format and contents, it may alternatively, if the comparison tells failure in match then 

offer logical compatability with other interface configura- return to the host computer an LS_RJT frame which rejects 

tions and therefore remain physically accessible without the presently received frame. It is thus possible for the 

suffering from any particular limitations. Especially, in a storage control device to inhibit or deter any unauthorized 

storage system including this fiber channel and a storage 60 access from the host computer. 

device with a plurality of storage regions such as a disk array A further practical feature of the present invention lies in 

device or "subsystem," the storage regions are usable in presence of a means for setting N_Port„Name information 

common by an increased number of host computers. items which are greater in number than or equal to a physical 

Accordingly, the prior art unauthorized access determent number of host interface units (ports) as owned by the 

schemes remain insufficient in performance and reliability. A 65 storage control device. More specifically, a means is spe- 

need thus exists for achievement of secrecy protection based cifically provided for setting a plurality of N Jort^Name 

on users' intentional security setup. information items per port. This makes it possible to accom- 
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mod ate a multi-logical path configuration upon either a fiber lar description of preferred embodiments of the invention, as 

channel fabric or a multi-logical path configuration upon illustrated in the accompanying drawings, 
switch connections. 

Further, in a system having many magnetic disk volume BRIEF DESCRIPTION OF THE DRAWINGS 

parts such as a disk array device and also having a plurality 5 piG ± ^ a diagfam showing a hardware configuration of 

of channel path routes, the system has manager means for a first prac ticing form of the present invention, 

performing management — within the storage control device ™~ - . . • r r <- • , ^ 

f , ° * t .* i_ i iL FIG. 2 is a diagram showing a format of a frame in the first 

in a one-to-one correspondence relation per channel path racticin form 

route— of storage regions under control of the storage con- p e 

trol device, including a logical unit number (LUN)-based 10 FIG. 3 is a diagram showing a format of a frame header 

logical disk extent, a physical volume extent, a RAID which constitutes the frame shown in FIG. 2. 

group-based logical disk extent and the like, versus ports of FIG. 4(A) is a format diagram of a payload of FCP_ 

the storage control device and N_Port_Name information CMND which is one of frames shown in FIG. 2; and, FIG. 

of a host computer(s). This may enable users to deter an 4(B) is a format diagram of FCP_CDB constituting the 

unauthorized access attempt per storage region, which in 35 payload. 

turn leads to achievement of more precise access manage- FIG. 5 shows one example of a sequence performing 

ment. delivery of a data frame between a host computer and a 

Furthermore in the present invention, even where the device in the first practicing form, wherein FIG. 5(A) shows 

storage device under control of the storage control device is a sequence upon attempting of log-in, FIG. 5(B) is a 

any one of an optical disk drive, magneto-optical (MO) disk 20 sequence diagram when execution of a read command, and 

drive and magnetic tape device as well as a variety of types FIG. 5(C) is a sequence diagram upon receipt of a write 

of library devices of them, the storage control device has command. 

means for performing table based management and the pig. 6 is a diagram showing a control table used by a 

storage information of a control table-based manager/holder storage controller in controlling a host computer or com- 

means for dealing with the correspondence among the 25 puters in the first practicing form. 

N_Port_Name information of an accessible host computer, FIG. 7 shows a flow chart of frame processing as executed 

ports of the storage control device, and the storage device b the e controller issuance of a lo in t 

and further handling the correspondence management of from an upper _i evel co m p Ut er (host) in the first practicing 

media in the case or library apparatus, whue simultaneously f orm 

having a means for comparing, upon receipt of a frame as 30 „ T * a . , , , , , . , 

sent thereto, the information within the frame to the infer- FIG ' 8 1S a ?"&* m showm S a °° r ntrol table uscd b 7 

mation in the control table, thereby eliminating unauthorized * tora S e «?^Hf r for management of storage regions in the 

access attempts from host computers. firet P ractlcin S form - 

Moreover, the present invention comprises means for FIG. 9 shows a flow chart of frame processing as executed 
protecting the management information through inputting of 35 ^ the storage controller upon issuance of an I/O request 
a password upon setup of the information under manage- from the Dost in the first P ractici ng fo- 
ment of the storage control device using a panel or the like. FIG. 10 is a diagram showing a hardware configuration in 
With such an arrangement, it is possible for users to elimi- tne case where the storage device under control of the 
nate any fraudulent registration of the information and also storage controller is an optical disk library as a second 
unauthorized resetting of the same. In addition, the users are 40 practicing form of the present invention, 
capable of readily deter any unauthorized access by merely FIG. 11 is a diagram showing a control table as managed 
setting such management information thus reducing work- by the storage controller in the second practicing form 
loads on the users. shown in FIG. 10. 

It should be noted that in the present invention, the means . t^etta tt crv rwen 

for setting the information as managed by the storage control DETAILED DESCRIPTION OF THE 

device may be designed so that the use of the panel or the PREFERRED EMBODIMENTS 

like is replaced with use of a utility program or programs of An explanation will first be given of a fiber channel and 

host computers to attain the intended setup operation. a storage system structured using the channel in accordance 

In accordance with the present invention, in a computer 50 with the present invention with reference to FIGS. 1 to 5. 

system employing the ANSIX3T11 -standardized fiber chan- FIG. 1 is a diagram showing a hardware configuration of 

nel as the interface between host computers and a storage the storage system in the case where a storage device 

control device and also including the host computers, the operable under control of a storage controller unit are a disk 

storage control device and more than one storage device array module or "subsystem." In FIG. 1, reference numerals 

under control of the storage control device, it is possible to 55 10, 20, 30 designate host computers each of which may be 

deter unauthorized access from any one of the host a central processing unit for executing data processing 

computers, which in turn makes it possible to attain the required. 

intended data secrecy protection within the storage device. Numeral 40 designates a storage controller unit of the disk 

In addition, it becomes possible to precisely manage those array subsystem in which the principles of the present 

access attempts from any one of the host computers in a eo invention are implemented. As shown in FIG. 1, the storage 

one-to-one correspondence manner among the host comput- controller 40 is constituted from a fiber channel control unit 

ers and storage controller ports as well as storage regions; 41 which may be a protocol processor including a direct 

accordingly, the storage device may be efficiently utilized to memory access (DMA) for controlling data transmission 

meet the needs upon alteration of the usage per storage between it and the host computers 10, 20, 30, a micropro- 

rc g ion * 65 cessor 42 for controlling all possible operations of the 

These and other objects, features and advantages of the storage controller, a control memory 43 for storing therein 

invention will be apparent from the following more particu- microprograms for control of the operation of the controller 
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along with control data associated therewith, a cache control 
unit 44 for controlling writing and reading data to and from 
the cache, a disk cache 45 for temporarily buffering write 
data and read data to/from a disk drive(s), a device interface 
control unit 46 which may be a protocol processor including 5 
DMA for controlling data transfer between it and its asso- 
ciative disk drives, and a panel 47 for use in inputting device 
configuration information to the storage controller. 

Numeral 50 is the disk array subsystem operable under 
control of the storage controller 40. The disk array sub- 10 
system 50 is a device that stores therein data of host 
computers, which may be arranged to include therein a 
plurality of individual separate disks as disposed to have 
certain redundancy. 

The disks constituting the disk array subsystem 50 are 15 
logically divided into portions or "partitions" which may be 
set at specified RAID levels different from one another. The 
partitions are called the RAID group. This RAID group is 
further logically subdivided into regions that may be SCSI 
access units called the logical units (LUs), each of which has 20 
its unique logical unit number (LUN) adhered thereto. In this 
embodiment, the disk array subsystem 50 illustrated herein 
comes with two LUs: an LU0 (51) that is the LU indicating 
the number LUN0, and LU1 (52) with the number LUN1. 

It is noted that the number of LUs should not be exclu- 25 
sively limited to the two (2) as shown in FIG. 1 and may be 
increased more; in the case of single target functions, the LU 
may be maximally increased up to eight (8) per target. 

It is also noted that while in this embodiment the storage 3Q 
regions called the LUs are used as the access units, such 
storage regions each acting as the access unit may alterna- 
tively be those storage,regions with a physical volume being 
as the unit or with a RAID group as unit. 

The host computers 10, 20, 30 and storage controller 40 35 
employ a fiber channel 60 as the interface, and are connected 
together via a device known as the "fabric." 

An operation of the system shown in FIG. 1 will be 
explained under the assumption that the operation is per- 
formed in one exemplary case where the host computer 10 40 
performs data transfer toward the disk array subsystem 50 
by way of the storage controller 40. The following descrip- 
tion will mainly deal with the flow of control and the data 
flow. 

When the host computer 10 generates and issues an access 45 
request, the fiber channel control unit 41 recognizes such 
request then issuing a task interruption request to the micro- 
processor 42. In turn, the microprocessor 42 causes the 
control memory 43 to store therein both command informa- 
tion from the host computer and necessary control informa- 50 
tion required in this invention. 

If the command information is a write command, then the 
microprocessor 42 instructs the fiber channel control unit 41 
to execute data transfer and then stores the transferred data 
in the cache 45 via the cache controller 44. With respect to 55 
the host computer 10, the fiber channel control unit 41 issues 
a write completion report thereto. After completion of such 
write completion reporting, the microprocessor 42 controls 
the device interface controller 46 thus permitting data and 
redundancy data to be written into the disk array subsystem 60 
50. In this case, during ordinary or standard RAID5 
operations, a new parity is created based on the old data and 
old parity as well as new data; on the contrary, according to 
the control scheme of this invention, the microprocessor 42 
does the same using the device interface controller 46 and 65 
the cache control unit 44 as well as the control memory 43 
plus the cache 45. 
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On the other hand, upon receipt of read command infor- 
mation as the command information from the host computer 
10, the microprocessor 42 sends an instruction to the device 
interface control unit 46 for providing access to the disk 
array subsystem 50 which stores therein the data block of 
this access request to read data therefrom, which data will 
then be stored into the cache 45 through the cache control 
unit 44. The microprocessor 42 issues an instruction to the 
fiber channel control unit 41; the fiber channel control unit 
41 in turn transfers the data stored in the cache 45 toward the 
host computer 10 and then sends a read completion report to 
the host computer after completion of the data transfer 
required. 

Next, a technical advantage of the fiber channel 60 will be 
explained as follows. The fiber channel may be a high-speed 
interface capable of transferring data at 100 MB/s at a 
distance of 10 km in maximum. The fiber channel's archi- 
tecture is designed to send data from a "source" buffer to its 
"destination" buffer while moving the buffer contents from 
one device to another in a way independent of the format and 
contents of data per se; accordingly, any overhead which 
processes different network communications protocols will 
no longer take place thus enabling achievement of high- 
speed data transmission. A variety of kinds of layers may be 
built in the upper-level logical layer, such as for example 
TCP/IP, SCSI, ESCON, IPI and the like. In other words, it 
does have the logical compatibility with other interfaces. 
The device called the fabric is expected to execute the 
complicated device-to-device connection/exchange 
function, which leads to the capability of organization of a 
multi-layered logical bus configuration. 

The basic unit based on which the fiber channel 
exchanges or distributes data is called the "frame." Next, 
this frame will be explained with reference to FIG. 2. 

As shown in FIG. 2, a frame 70 is configured from a 
start-of-frame (SOF) section 71, frame header 72, data field 
73, cyclic redundancy check (CRC) 74, and end-of-frame 
(EOF) 75. 

The SOF 71 is an identifier of 4 bytes which is put at the 
top of the frame. 

The EOF 75 is a 4-byte identifier at the last location of the 
frame; a combination of SOF 71 and EOF 75 indicates the 
boundary of frame. In the fiber channel, an "idle" signal or 
signals flow therein in cases where any frames are absent. 

The frame header 72 contains therein a frame type, host 

protocol type, source and destination's N Port_ID 

information, N_Port_Name information and the like. The 
N_Port_ID is information indicative of an address, 
whereas N_Port_Name represents a port identifier. 

The header of upper-level layer may be put at the top part 
of the data field 73. This is followed by a payload section 
which carries data per se. CRC 74 is a 4 byte check code for 
use in checking or verifying the frame header and data in the 
data field., 

The frame header 72 has a format 80 as shown in FIG. 3. 
In the frame header format 80, a destination identifier 
(D_ID) 81 is an address identifier on the frame reception 
side, and a source identifier (S_ID) 82 is an identifier 
indicative of the N_Port address on the frame transfer side, 
each of which may involve N_Port_JD, N_Port_Name 
information, etc. 

An explanation will next be given of a payload 90 of fiber 
channel protocol command FCP_CMND, which stands for 
fiber channel protocol for SCSI command and which is one 
of payloads of the data field 73 constituting the frame, in 
conjunction with FIGS. 4(A) and 4(B). 
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A logical unit number LUN for issuance of a command is 
assigned to an FCP logical unit number (FCP_LUN) field 
91. A command control parameter is assigned to an FCP 
control (FCP_CNTL) field 92. And, an SCSI command 
descriptor block is stored in an FCP command descriptor 
block (FCP__CDB) field 93 for indication of a command 
type such as a read command "Read" or the like, an address 
such as LUN, and a block number. The amount of data to be 
transferred in response to the command is designated by 
byte number in an FCP data length (FCP_DL) field 94, 

Data exchange/distribution operations are executed by 
use of the frame thus arranged as described above. 

Frames employed herein may be generally classified 
based on function into a data frame and link control frame. 
The data frame is for use in transferring information, and 
thus has data and command as used by the host protocol, 
which are built in the payload section of the data field 
thereof. 

On the other hand, the link control frame is typically used 
for indication of a success or failure of frame distribution. 
There may be a frame or the like for use in indicating actual 
receipt of a single frame or in notifying a parameter con- 
cerning transmission in log-in events. 

Next, the "sequence" will be explained with reference to 
FIG. 5. The sequence in the fiber channel may refer to a 
collection of data frames concerned which will be unidircc- 
tionally transferred from one N_Port to another N_Port, the 
sequence corresponding to the phase in SCSI. A collection 
of such sequences is called the "exchange." One example is 
that a collection or group of certain sequences will be called 
the exchange, which sequences undergo exchange/ 
distribution processing for execution of a command within 
a time period spanning from the issuance of such command 
to the completion of command execution (including com- 
mand issuance, data transmission, and completion 
reporting). As apparent from the foregoing description, the 
"exchange" may be equivalent to I/O of SCSI. 

FIGS. 5(A), 5(B) and 5(C) show a log-in sequence (100), 
read command sequence (110), and write command 
sequence (120), respectively. 

In the fiber channel interface, the intended communica- 
tion becomes available in a particular event in which the host 
computer sends the device a port log-in (N_Port Login) 
frame containing a communication parameter, and then the 
device actually receives this frame. This will be called the 
"log-in." FIG. 5(A) shows such log-in sequence (100). 

In the log-in sequence (100) shown in FIG. 5(A), the host 
computer first sends a PLOGI frame to the device at a 
sequence 101 thereby to require a log-in attempt. The device 
in turn sends an acknowledge (ACK) frame to the host 
computer thereby informing it of actual receipt of the 
PLOGI frame. 

Then, at a sequence 102, the device operates to send the 
host computer either an accept (ACC) frame if the log-in 
request is accepted or a link service reject (LS-RJT) frame 
if the request is to be rejected. 

Next, the read command sequence (110) of FIG. 5(B) will 
be explained. 

In a sequence 111, the host computer sends the FCP_ 
CMND frame to the device for requiring execution of a read 
operation. The device then sends back the ACK frame to the 
host computer. 

At sequence 112, the device sends the host computer an 
FCP transfer ready (FCP_XFER_RDY) frame thereby 
notifying it of completion of preparation for data transmis- 
sion. The host computer then sends the ACK frame to the 
device. 
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The routine goes next to sequence 113 which permits the 
device to send the host computer an FC data (FC DATA) 
frame and then transfer data thereto. The host computer 
sends back ACK frame to the device. 

5 At the next sequence 114, the device sends the FCP__RSP 
frame to the host computer to thereby inform it of successful 
completion of data transmission required. The host com- 
puter then sends back ACK frame to the device. 
An explanation will next be given of the write command 

10 sequence (120) of FIG. 5(C). 

At sequence 121, the host computer sends the device an 
FCP_CMND frame to perform issuance of a write request. 
In turn, the device sends ACK frame to the host computer. 

15 Then at sequence 122, the device sends FCP_XFER_ 
RDY frame to the host computer in order to inform it of the 
fact that data writing is available. The host computer sends 
ACK frame to the device. 

Further, in sequence 123, the host computer sends FCP_ 

20 DATA frame to the device for execution of data transfer. The 
device then sends ACK frame to the host computer. 

Lastly at sequence 124, the device sends the host com- 
puter an FCP response (FCP_RSP) frame thereby notifying 
it of successful completion of data reception concerned. The 

25 host computer then sends ACK frame to the device. 

While the general system configuration and format plus 
sequences have been explained in conjunction with FIGS. 1 
to 5(C), a security check scheme incorporating the principles 
of the present invention will be explained below. 

30 A security check scheme will first be explained which 
employs the N_Port_Name information during PLOGI 
processing. 

In accordance with the invention, a first operation to be 
done in FIG. 1 is that the user sets or establishes a list of one 

35 or several host computers that may provide access to the 
microprocessor 42 of the storage controller 40 prior to 
start-up of the host computers 10, 20, 30. More specifically, 
the N_Port_Name and N_Port_JD information capable of 
identifying such host computers) may be input using the 

40 panel 47. When this is done, in order to attain the secrecy 
protection function upon inputting to the panel, entry of a 
password should be required upon inputting of the informa- 
tion to thereby enhance the security. 

45 After input of the password, if such input password 
matches a preset password, then input the N_Port_Name 
information of more than one accessible host computer with 
respect to each port of the storage controller to thereby store 
the input information in the control table. 

so Now, assume for example that the host computers 10, 20 
are capable of getting access to the disk array subsystem 50 
whereas the host computer 30 is incapable of accessing disk 
array subsystem 50. Assume also that the N_Port_Name is 
such that the host computer 10 is HOSTA, host computer 20 

55 is HOSTB, and host computer 30 is HOSTC Suppose that 
the port of the fiber channel control unit 41 of the storage 
controller 40 is CTL0P0. If this is the case, the resulting 
log-in request control table 130 is as shown in FIG. 6., 
By establishing this log-in request control table 130 

go shown in FIG. 6 in a nonvolatile memory, it becomes 
possible to protect the management information against any 
possible power interruption or failure. 

In addition, the information stored in the log-in request 
control table 130 is saved in the hard disk region 50 upon 

65 occurrence of power off. Or alternatively, upon updating of 
information, reflection is performed to the memory 43 and 
the disk 50. This may enable the storage controller 40 to 
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permanently hold or store therein the information until it is with the N„Port_Name information of one or several 

subject to resetting or re-establishment. accessible host computers, thereby storing the input infor- 

It should be noted that while the "self* node information mation in the control table, 

for use in identifying nodes and/or ports in the fiber channel Assume here that the LUO (51) is accessible from the host 

may also involve N_Port_JD other than the N_Port Name, 5 computer 10 via a port of the fiber channel control unit 41 

it is desirable that the N_Port_Name information be used 0 f the storage controller 40 whereas the LU1 (52) is acces- 

as an object to be checked for security. This is because of the sible from the host computer 20 via a port of fiber channel 

fact that the N_Port_lD will possibly be altered or modified control unit 41 of storage controller 40. Suppose that regard- 

and is not the numeral value under management by the users. m g the N_Port_Name, the host computer 10 is HOSTA 

Next, an explanation will be given of a frame processing 10 while host computer 20 is HOSTB. Imagine that a port of 

procedure of the storage controller in reply to issuance of a fiber channel control unit 41 of storage controller 40 is 

log-in request from a host computer with reference to FIGS. CTL0P0. If this is the case, an I/O request control table 140 

1 and 7. is as shown in FIG. 8. 

(Step S71) This I/O request control table 140 shown in FIG. 8 is 

The host computers 10, 20, 30 start up each issuing a 15 established in the storage space of a nonvolatile memory 

PLOGI frame, which is the log-in request frame storing thereby making it possible to protect the management infor- 
therein the N_Port_Name information. Upon receipt of mation against loss or destruction due to any accidental 

such frame, the microprocessor 42 of the storage controller power interruption or failure. 

40 sends back each host computer an ACK frame represen- i n addition, upon occurrence of power off, the information 

tative of actual receipt of the frame. 20 stored in the I/O request control table 140 shown in FIG. 8 

(Step S72) is to be stored in the hard disk region 50. Or alternatively, 

And, the microprocessor 42 attempts to extract N_Port reflection is carried out to the memory 43 and disk 50 upon 

Name information as stored in the frame, and then performs updating of information. This makes it possible to perma- 

comparison for determining whether such N_Port_Name nently hold or maintain the information until it is reestab- 

information has already been registered in the N__Port__ 25 Hshed at later stages. 

Name list within the presently available preset control table. Although in this embodiment the channel path route is 

(Step S73), (Step S74), (Step S75) single, the same goes with other systems having a plurality 

The N_Port_Name information that is presently stored 0 f channel path routes, 

in the frames issued from the host computers 10, 20 may A f rame processing procedure of the storage controller in 

match the N_Port_Name information which has been reg- 30 response to issuance of the I/O request from more than one 

istered within the control table so that the microprocessor 42 host comp uter will now be explained in conjunction with 

of the storage controller 40 returns the ACC frame to the pj GS 1 and 9 Wh fl e m me prior example stated supra the 

host computers 10, 20 as a mark of actual receipt of the security check was done in the course of PLOI, the check is 

individual log-in request while simultaneously continuing to performed per SCSI command in this embodiment, 

execute the log-in processing. 35 (§t e p S91) 

(Step S73), (Step S76) Whcrc the host computer 10 desires to issue the I/O 
On the other hand the N„Port_Name information stored r t t0 LU0 (51)> the hos( c mer 10 gen e ra tes and 
in the frame as issued from the remaining host computer 30 ^ a specific framc ^ {hwiQ SCSI CDB tQward lhe 
fails to match the N Port Name information registered in st 40. Uporj receiving of this frame, the 
the control table so that the microprocessor 42 o storage 40 st controller 40 first sends back the ACK frame rep- 
controller 40 returns to the host computer 30 an LS_RJT rese ntative of actual receipt of this frame, 
frame which contains therein a reject parameter for rejection (Steo S92 1 * 

of its connection attempt. A , . A ~ t t t , KT „ XT 

. iL , ,_ , And, the microprocessor 42 extracts the N_Port_Name 

In the way as described above, by causing the storage . e t . \ T. t . c , ... inxr i_ 

. ' J * e information stored in the frame alone with the LUN number 

controller 40 to manage the one-to-one correspondence of 45 . t , j .u r . j » 

A , c * t 4 , . r within the CDB, and then performs comparison to determine 

those parts of the host computers and he storage control er whethersuch N _ Port _ N l e information and LUN number 

usmg the log-in request control table 130 ,t is possible for afe ^ ^ 

users to prevent any unauthorized access attempts from host , * a • < • i .1 

t r ,u u • .1. u Deen preset and mamtained presently. 

T^ZAy^ ^ " m ^ so (Step S93), (Step S94),(Step P S95) 

Next, one preferred methodology will be described which T c ° ntent " me h 1 ost f ra P uter 10 can access 

is for practicing the security check scheme using the LU0 ( 51 > has been reg^tered m the management table, the 

N_Port_Name information per LUN that is the storage microprocessor 42 of the storage controller 40 receives the 

region of the disk array subsystem in accordance with the command and continues execution of I/O processing, 

principles of the present invention. 55 (Step S91) 

In accordance with the invention, first establish a list of 0n the other hand, where the host computer 20 issues an 

those accessible host computers per LUN to the micropro- VO request frame of LUO (51), when the storage controller 

ccssor 42 of storage controller 40 before startup of the host 40 docs receive this frame storing therein the SCSI CDB, the 

computers 10, 20, 30. Then, input using the panel 47 certain microprocessor 42 first returns to the host computer 20 the 

information such as the N_Port_Name or N_Port„ID 60 ACK,frame indicative of actual receipt of this frame, 

information or the like capable of identifying the host (Step S92) 

computers. When this is done, request entry of a password And, the microprocessor 42 operates to extract both the 

upon inputting of such information in order to achieve the N_Port_Name information stored in the frame and the 

secrecy protection function through input to the panel 47, LUN number within CDB, and then executes search pro- 

thereby enhancing the security. 65 cessing to thereby determine whether such N Jort^ame 

After inputting such password, if this matches the preset information and LUN number are present in the manage - 

password, then input the port of storage controller along ment table. 
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(Step S93), (Step S96) 

Suppose that the search reveals the absence of any com- 
bination of its corresponding LUN and N__Port_Name in 
the management table. If this is the case, the microprocessor 
42 of storage controller 40 sends an LS__RJT frame to the 5 
host computer 20 for rejection of the I/O request thereof. 

In this way, the storage controller may prevent any 
unauthorized access attempts. 

Although the explanation herein was devoted to the log-in 
and I/O request frames, any other information may be a0 
employed for comparison, including but not limited to the 
N_Port_Name information as stored in any one of the other 
host computer frames. 

It must be noted that the storage device under control of 
the fiber channel connection storage controller should not 15 
exclusively be limited to the disk array subsystem stated 
supra, and the principles of the present invention may 
alternatively be applicable to any systems employing an 
optical disk drive, magneto-optical disk drive and magnetic 
tape storage as well as library apparatus including one or 2 o 
several of them in combination. 

A summary of the case where the present invention is 
applied to a system including its storage device under 
control of the storage controller which is configured from an 
optical disk device or "subsystem" will be explained with 2 s 
reference to FIG. 10. Reference numeral 150 designates 
such optical disk library subsystem under control of the 
storage controller 40; numeral 151 indicates an optical disk 
drive; 152 to 156, optical disk media. 

The user is expected before startup of the host computers 30 
10, 20, 30 to make use of the panel to establish a corre- 
spondence relation among the individual medium and drive 
as well as port relative to the N_Port_Name information 
while maintaining in a micro-program the right or authori- 
zation of accessibility of host computers. 35 

Assume that those media 152, 153, 154 are accessible 
from the host computer 10 whereas media 155, 156 are 
accessible from host computer 20. Suppose that the 
N_Port_Name information of host computer 10 is HOSTA, 
that of host computer 20 is HOSTB. Suppose also that the 40 
port of storage controller 40 is CTL0P0, that of optical disk 
drive 151 is DRIVE0, and those of respective media 152, 
153, 154, 155 and 156 are MEDA, MEDB, MEDC, MEDD 
and MEDE. In this case, a request control table 160 is as 
shown in FIG. 11. 45 

When respective host computers generate and issue I/O 
request frames, volume information must be stored in CDB 
in the payload constituting each frame; accordingly, the 
storage controller 40 is responsive to receipt of the frame for 
comparing both the N__Port_Name information within the 50 
frame and a medium identifier within the payload to corre- 
sponding items as presently stored in the control table which 
has been preset and held in the storage controller 40. In this 
way, applying the principles of the invention may enable the 
storage controller to eliminate any possible unauthorized 55 
access attempts from the host computers. 

What is claimed is: 

1. A storage system adapted to be coupled to a plurality of 
host computers, comprising: 

at least one storage device for storing data, said storage go 
device divided into a plurality of storage regions; and 

a table for managing correspondence between said host 
computers and said plurality of storage regions, said 
table containing distinct identification information for 
said host computers and associated identification in for- 65 
mation for respective ones of said plurality of storage 
regions, and said table authorizing access to one of said 
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storage regions in said storage device by one of said 
host computers by using said distinct identification 
information and said associated identification informa- 
tion. 

2. A storage system adapted to be coupled to a plurality of 
host computers via fibre channel, comprising: 

at least one storage device for storing data, said storage 

device having a plurality of storage regions; 
a storage controller for controlling access from said host 
computers to said storage device comprising: 
a channel controller adapted to be coupled to said host 
computers via fibre channel for controlling data 
transfer from and to said host computers; 
a device interface controller for controlling data trans- 
fer from and to said storage devices; 
a cache for temporarily buffering write-data from said 
host computers, and read-data from said storage 
devices; and 

a table for managing correspondence between said host 
computers and said plurality of storage regions in 
response to distinct identification information and 
associated identification information for respective 
ones of said plurality of storage regions stored in said 
table, said table authorizing access from one of said 
host computers to a respective one of said plurality 
of storage regions in said storage device by using 
said distinct identification information and said asso- 
ciated identification information. 

3. The storage system according to claim 2, wherein said 
fibre channel is a standardized ANSI X3T11 fibre channel. 

4. The storage system according to claim 2, wherein said 
plurality of storage regions comprise logical units, volume 
units, or units of a RAID group. 

5. The storage system according to claim 4, wherein said 
plurality of storage regions are logical volume units. 

6. A storage system adapted to be coupled to a plurality of 
host computers via fibre channel, comprising: 

at least one storage device for storing data, said storage 

device having a plurality of storage regions; 
a storage controller for controlling access between said 
host computers and said storage device comprising: 
a channel controller adapted to be coupled to said host 
computers by fibre channel for controlling data trans- 
fer from and to said host computers; 
a device interface controller for controlling data trans- 
fer from and to said storage device; 
a cache for temporarily buffering write-data from said 
host computers, and for temporarily buffering read- 
data from said storage devices; and 
a table for managing correspondence between said host 
computers and said plurality of storage regions in 
response to distinct identification information and 
associated identification information for respective 
ones of said plurality of storage regions stored in said 
table, said table authorizing access from one of said 
host computers to one of said storage regions in said 
storage device by using said distinct identification 
information and said associated identification infor- 
mation. 

7. A storage system adapted to be coupled to a plurality of 
host computers via fibre channel, comprising: 

at least one storage device for storing data, said storage 

device having a plurality of volumes; 
a storage controller for controlling access from said host 
computers to said storage device comprising: 
a channel controller adapted to be coupled to said host 
computers by fibre channel for controlling data trans- 
fer from and to said host computers; 
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a device interface controller for controlling data trans- 
fer from and to said storage device; 

a cache for temporarily buffering write data from said 
host computers, and for temporarily buffering read 
data from said storage devices; and 5 

a table for managing correspondence between said host 
computers and said plurality of volumes in response 
to Name information for said host computers and 
associated identification information for respective 
ones of said plurality of volumes stored in said table, 10 
said table authorizing access from one of said host 
computers to one of said volumes in said storage 
device by using said Name information and said 
associated identification information, wherein said 
storage controller prevents unauthorized access from 15 
one of said host computers to one of said volumes. 

8. A storage system adapted to be coupled to a plurality of 
host computers, comprising: 

at least one storage device for storing data, said storage 
device divided into a plurality of volumes; and 20 

a table for managing correspondence between said host 
computers and said plurality of volumes in response to 
Name information for identifying said host computers 
and associated identification information for respective 
ones of said plurality of volumes stored in said table, 25 
said table authorizing access from one of said host 
computers to one of said volumes in said storage device 
by using said Name information and said associated 
identification information. 

9. A method of accessing a storage system comprising a 30 
storage controller for transferring data between a plurality of 
host computers, and at least one storage device for storing 
data from said host computers, comprising the steps of: 

dividing said storage device into logical regions; 35 
providing a table indicating which of said host computers 
can access to which of said logical regions of said 
storage device by using Name information which iden- 
tifies said host computers and associated identification 
information for respective ones of said logical regions; 40 
and 

authorizing access to a logical region only from said 
identified host computers in response to said Name 
information and said associated identification informa- 
tion in said table. 45 

10. A method of accessing a storage system connected to 
a plurality of computers via a fibre channel network, com- 
prising the steps of: 

receiving a first relation between a first computer and one 
of a plurality of volumes in said storage system; 50 

receiving a second relation between a second computer 
and one of said plurality of volumes in said storage 
system; 

receiving a first message containing distinct identification 55 
information for said first computer and associated iden- 
tification information for one of said plurality of vol- 
umes to access a first associated one of said plurality of 
volumes from said first computer; 

sending a response message to said first computer from 60 
said storage system according to said first relation, said 
response message to said first computer allowing said 
first computer to access said first associated one of said 
plurality of volumes; 

receiving a second message containing distinct identifi- 65 
cation information for said second computer and asso- 
ciated identification information for one of said plural- 
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ity of volumes to access said second associated one of 
said plurality of volumes from the second computer; 
and 

sending a response message to said second computer from 
said storage system according to said second relation, 
said response message to said second computer not 
allowing said second computer to access said second 
associated one of said plurality of volumes. 

11. The access method according to claim 10, wherein 
said first relation comprises Name information of said first 
computer and wherein said second relation comprises Name 
information of said second computer, 

12. A storage system adapted to be coupled to a plurality 
of host computers, comprising: 

a storage device divided into a plurality of storage 
regions; and 

a table adapted to store distinct identification information 
and associated identification information for respective 
ones of said plurality of storage regions indicating 
authorized access by said plurality of host computers to 
respective ones of said storage regions. 

13. A storage system adapted to be coupled to a plurality 
of computers via fibre channel, comprising: 

a storage device having a plurality of storage regions; 
a storage controller comprising: 

a channel controller adapted to be coupled to said 

computers via fibre channel; 
a device interface controller coupled to said storage 
device; 

a cache interposed between said storage device and said 
interface controller; and 

a memory adapted to store distinct identification infor- 
mation and associated identification information for 
respective ones of said plurality of storage regions 
indicating authorized access by said plurality of 
computers to respective ones of said plurality of 
storage regions. 

14. A storage system adapted to be coupled to a plurality 
of computers via fibre channel, comprising: 

a storage device having a plurality of volumes; 
a storage controller comprising: 

a channel controller adapted to be coupled to said 

computers via fibre channel; 
a device interface controller coupled to said storage 
device; 

a cache interposed between said storage device and said 
interface controller; and 

a memory containing a table adapted to store Name 
information and associated identification informa- 
tion for respective ones of said plurality of volumes 
indicating authorized access by said plurality of 
computers to respective ones of said plurality of 
volumes. 

15. A storage system adapted to be coupled to a plurality 
of host computers, comprising: 

a storage device divided into a plurality of volumes; and 
a table adapted to store distinct identification information 
and associated identification information for respective 
ones of said plurality of volumes indicating authorized 
access by said plurality of host computers to respective 
ones of said plurality of volumes. 

16. A medium that stores instructions adapted to be 
executed by a processor to manage authorized access by a 
plurality of host computers to respective ones of a plurality 
of storage regions in a storage device in response to distinct 
identification information for said host computers and asso- 
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ciated identification information for respective ones of said 
plurality of storage regions stored in a table, said instructions 
authorizing access from one of said host computers to a 
respective one of said regions in said storage device by using 
said distinct identification information and said associated 5 
identification information, wherein said processor prevents 
unauthorized access from one of said host computers to one 
of said regions. 

17. The medium of claim 16, wherein said instructions 
include instructions to: 10 

allow access to a region only from host computers iden- 
tified in said table in response to said information in 
said table. 

18. The medium of claim 16, wherein said instructions 
include instructions to: 35 

receive an FCP command in a frame having identification 
information from one of said host computers; 

recognize which host computer has sent said FCP com- 
mand by said identification information; 2Q 

judge whether said recognized host computer can be 
permitted access to a region or not; and 

accept said access from said host computer when said 
judging is acceptable. 

19. The medium of claim 16, wherein said instructions 25 
include instructions to: 

receive a first relation between a first computer and one of 
a plurality of volumes in said storage system; 

receive a second relation between a second computer and 
said one of said plurality of volumes in said storage 30 
system; 

receive a first message to access said one of said plurality 
of regions from a first computer; 

send a response message to said first computer from said 35 
storage system according to said first relation, said 
response message to said first computer allowing said 
first computer to access said one of said plurality of 
volumes; 

receive a second message to access said one of said 40 
plurality of regions from a second computer; and 

send a response message to said second computer from 
said storage system according to said second relation, 
said response message to said second computer not 
allowing said second computer to access said one of 45 
said plurality of volumes. 

20. A method of managing correspondence between a 
plurality of host computers and a plurality of storage regions 
in a storage device in response to distinct identification 
information for said host computers and associated identi- 50 
fication information for respective ones of said plurality of 
storage regions stored in a table, comprising authorizing 
access from one of said host computers to a respective one 

of said plurality of storage regions in said storage device by 
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using said distinct identification information and associated 
identification information such that a processor prevents 
unauthorized access from one of said host computers to one 
of said regions. 

21. A storage system adapted to be coupled to a plurality 
of computers via fibre channel, comprising: 

a storage device divided into a plurality of storage 
regions; and 

a table adapted to store distinct identification information 
and associated identification information for respective 
ones of said plurality of storage regions indicating 
authorized access by said plurality of computers to 
respective ones of said plurality of storage regions. 

22. A storage system adapted to be coupled to a plurality 
of computers, comprising: 

a storage device having a plurality of storage regions; 

a storage controller comprising: 

a channel controller coupled to said computers; 
a device interface controller coupled to said storage 
device; 

a cache interposed between said storage device and said 
interface controller; and 

a memory adapted to store distinct identification infor- 
mation and associated identification information for 
respective ones of said plurality of storage regions 
indicating authorized access by said plurality of 
computers to respective ones of said plurality of 
storage regions. 

23. A storage system adapted to be coupled to a plurality 
of computers, comprising: 

a storage device having a plurality of volumes; 
a storage controller comprising: 

a channel controller coupled to said computers; 

a device interface controller coupled to said storage 
device; 

a cache interposed between said storage device and said 
interface controller; and 

a memory adapted to store Name information and 
associated identification information for respective 
ones of said plurality of volumes indicating autho- 
rized access by said plurality of computers to respec- 
tive ones of said plurality of volumes. 

24. A storage system adapted to be coupled to a plurality 
of computers, comprising: 

a storage device divided into a plurality of volumes; and 
a table adapted to store distinct identification informa- 
tion and associated identification information for 
respective ones of said plurality of volumes indicating 
authorized access by said plurality of computers to 
respective ones of said plurality of volumes. 
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